AMENDMENTS TO THE CLAIMS

1. (Currently amended) A hybrid authentication system for securing digital 
communications in a network and enabling a global enterprise, comprising: 

a distributed authentication infrastructure including a plurality of nodes in 
communication with each other, each of said plurality of nodes having an identification 
and intended to perform a series of functions, one of said series of functions for verifying 
said identification of said plurality of nodes; and 

a centralized authentication infrastructure integrated into said distributed 
authentication infrastructure and including a central server, said central server being 
coupled to said plurality of nodes and being utilized for verifying said identification of 
said plurality of nodes, wherein said central server can be utilized for supporting or 
replacing at least one of said plurality of nodes; 

wherein said distributed authentication infrastructure is initially implemented and 
said centralized authentication infrastructure is later integrated into said distributed 
authenticated infrastructure; 

wherein said distributed authentication infrastructure is selected from the group 
consisting of a threshold cryptography service model and a web-of-trust service model; 

wherein said centralized authentication system is selected from the group 
consisting of a public key infrastructure and a kerberos service model; 

wherein said plurality of nodes include at least one of a personal digital assistant, 
a digital pager, a digital fax machine, a video teleconferencing device, a wireless 
telephone, a portable computer, a desktop computer, and a communication device, 
wherein said plurality of nodes includes a verifying node coupled to a new entity for 
verifying the identification of said new entity and enrolling said new entity into the 
hybrid authentication system and wherein said verifying node signs a certificate related to 
said new entity and said central server publishes a certificate revocation list, said 
verifying node examining said certificate revocation list for determining whether said 
certificate has been revoked. 

2. (canceled). 

3. (Previously amended) The hybrid authentication system of claim 1 wherein 
said new entity provides said verifying node with at least one predetermined credential. 

4. (canceled) 

5. (canceled) 

6. (Previously amended) The hybrid authentication system of claim 1 wherein a 
quorum of said plurality of nodes publishes a certificate revocation list, said verifying 
node examining said certificate revocation list for determining whether said certificate 
has been revoked. 

7. (Previously amended) The hybrid authentication system of claim 1 wherein 
said central server is said new entity. 

8. (Original) The hybrid authentication system of claim 1 wherein said distributed 
authentication infrastructure requires a quorum of said plurality of nodes for enrolling a 
new entity into the hybrid authentication system. 

9. (Original) The hybrid authentication system of claim 8 wherein each node of 
said quorum utilizes a partial key for partially signing a certificate related to said new 
entity so as to provide said new entity with a full signature. 

10. (Original) The hybrid authentication system of claim 9 wherein said central 
server publishes a certificate revocation list, each node of said quorum examining said 
certificate revocation list for determining whether said certificate has been revoked. 

11. (Original) The hybrid authentication system of claim 8 wherein said central 
server is said new entity. 

12. (Original) The hybrid authentication system of claim 1 wherein said central 
server is coupled to a new entity and is utilized for verifying the identification of said 
new entity and enrolling said new entity into the hybrid authentication system, said 
central server producing a log for recording a plurality of failed authentications and a 
plurality of failed enrollments by said plurality of nodes. 

13. (Original) The hybrid authentication system of claim 1 wherein said central 
server is coupled to said plurality of nodes for at least one of issuing a global directive 
thereto and bolstering said plurality of nodes by assisting with at least one of an 
enrollment task, an authentication task, and a permission granting task. 

14. (Original) The hybrid authentication system of claim 13 wherein said global 
directive includes at least one of a rekey instruction and a critical trust chain path, said 
rekey instruction and said critical trust chain path for providing a secured data transfer 
line. 

15. (Original) The hybrid authentication system of claim 1 wherein said plurality 
of nodes includes a first node and a second node coupled to said first node, said first node 
presenting a first certificate to said second node for authenticating said first node. 

16. (Original) The hybrid authentication system of claim 15 wherein said second 
node examines a certificate revocation list prepared by said central server, said second 
node examining said certificate revocation list for determining whether said first 
certificate has been revoked. 

17. (Original) The hybrid authentication system of claim 15 wherein said second 
node examines a certificate revocation list prepared by a quorum of said plurality of 
nodes, said second node examining said certificate revocation list for determining 
whether said first certificate has been revoked. 

18. (Original) The hybrid authentication system of claim 15 wherein said second 
node is coupled to a trusted third party node from said plurality of nodes, said second 
node producing an authentication task signed by said first node and sending said 
authentication task to said trusted third party node, said trusted third party node verifying 
said identification of said first node. 

19. (Original) The hybrid authentication system of claim 15 wherein said second 
node presents a second certificate to said first node for authenticating said second node. 

20. (Original) The hybrid authentication system of claim 19 wherein said first 
node examines a certificate revocation list prepared by said central server, said first node 
examining said certificate revocation list for determining whether said second certificate 
has been revoked. 

21. (Original) The hybrid authentication system of claim 19 wherein said first 
node examines a certificate revocation list prepared by a quorum of said plurality of 
nodes, said first node examining said certificate revocation list for determining whether 
said second certificate has been revoked. 

22. (Original) The hybrid authentication system of claim 18 wherein said first 
node is coupled to a trusted third party node from said plurality of nodes, said first node 
producing an authentication task signed by said second node and sending said 
authentication task to said trusted third party node, said trusted third party node verifying 
said identification of said first node. 

23. (Currently amended) A hybrid authentication system, comprising: a 
distributed authentication infrastructure based on a threshold cryptography service model 
and including a plurality of nodes in communication with each other, each of said 
plurality of nodes having an identification and intended to perform a series of functions, 
one of said series of functions for verifying said identification of said plurality of nodes; 
and a centralized authentication infrastructure based on a public key infrastructure and 
integrated into said distributed authentication infrastructure, said centralized 
authentication infrastructure including a certificate authority coupled to said plurality of 
nodes and utilized for verifying said identification of said plurality of nodes; wherein said 
plurality of nodes includes a verifying node coupled to a new entity for verifying the 
identification of said new entity and enrolling said new entity into the hybrid 
authentication system and wherein said verifying node signs a certificate related to said 
new entity and said central server publishes a certificate revocation list, said verifying 
node examining said certificate revocation list for determining whether said certificate 
has been revoked, wherein said distributed authentication infrastructure is initially 
implemented and said centralized authentication infrastructure is later integrated into said 
distributed authenticated infrastructure. 

24. (Currently amended) A hybrid authentication system, comprising: a 
distributed authentication infrastructure based on a web-of-trust service model and 
including a plurality of nodes in communication with each other, each of said plurality of 
nodes having an identification and intended to perform a series of functions, one of said 
series of functions for verifying said identification of said plurality of nodes; and a 
centralized authentication infrastructure based on a public key infrastructure and 
integrated into said distributed authentication infrastructure, said centralized 
authentication infrastructure including a certificate authority coupled to said plurality of 
nodes and utilized for verifying said identification of said plurality of nodes; wherein said 
distributed authentication infrastructure is initially implemented and said centralized 
authentication infrastructure is later integrated into said distributed authenticated 
infrastructure, and wherein said plurality of nodes is a plurality of members including a 
first member and a second member, said certificate authority issuing a first group 
certificate to said first member that provides said first member with a first permission 
level, said certificate authority issuing a second group certificate to said second member 
that provides said second member with a second permission level, wherein said first 
permission level is greater than said second permission level. 

25. (canceled) 

26. (Previously amended) The hybrid authentication system recited in claim 24 
wherein said first group certificate enables said first member to enroll a new entity into 
the system and provide said new entity with a new permission level equivalent up to said 
first permission level. 

27. (Previously amended) The hybrid authentication system recited in claim 24 
wherein said second group certificate enables said second member to enroll a new entity 
into the system and provide said new entity with a new permission level equivalent up to 
said second permission level. 

28. (Canceled). 

29. (Previously amended) A hybrid authentication system, comprising: a 
distributed authentication infrastructure including a plurality of nodes in communication 
with each other, each of said plurality of nodes having an identification and intended to 
perform a series of functions, one of said series of functions for verifying said 
identification of said plurality of nodes; and a centralized authentication infrastructure 
integrated into said distributed authentication infrastructure, said centralized 
authentication infrastructure including a certificate authority coupled to said plurality of 
nodes and utilized for verifying said identification of said plurality of nodes; wherein said 
centralized authentication infrastructure provides a signed certificate for verifying said 
identification and wherein said distributed authentication infrastructure is initially 
implemented and said centralized authentication infrastructure is later integrated into said 
distributed authenticated infrastructure. 

30. (Original) The hybrid authentication system of claim 29 wherein said central 
server is coupled to said plurality of nodes for at least one of issuing a global directive 
thereto and supporting said plurality of nodes by assisting with at least one of an 
enrollment task, an authentication task, and a permission granting task. 

31. (Original) The hybrid authentication system of claim 30 wherein said global 
directive includes at least one of a rekey instruction and a critical trust chain path, said 
rekey instruction and said critical trust chain path for providing a secured data transfer 
line. 

32. (Original) A method for creating the hybrid authentication system recited in 
claim 1, comprising: first coupling a plurality of nodes to each other in a distributed 
authentication infrastructure; then migrating said distributed authentication infrastructure 
to a centralized authentication structure; and allocating at least one of an enrollment 
function and an authentication function between said central server and said plurality of 
nodes. 

33. (Original) The method of claim 32 wherein migrating comprises coupling a 
central server to said plurality of nodes. 

34. (Original) The method recited in claim 33 further comprising: coupling said 
central server to a verifying node of said plurality of nodes; sending at least one 
predetermined credential from said central server to said verifying node; enrolling said 
central server into the hybrid authentication system. 

35. (Original) The method recited in claim 33 further comprising: coupling said 
central server to a verifying node of said plurality of nodes; sending a certificate 
revocation list from said central server to said verifying node; enrolling said central 
server into the hybrid authentication system. 

36. (Original) The method recited in claim 32 further comprising: coupling a new 
entity to one of said plurality of nodes; sending at least one predetermined credential 
from said new entity to said verifying node; enrolling said new entity into the hybrid 
authentication system. 

37. (Original) The method recited in claim 32 further comprising: coupling a new 
entity to a verifying node of said plurality of nodes; sending a certificate revocation list 
from said new entity to said verifying node; enrolling said new entity into the hybrid 
authentication system. 

38. (Original) The method recited in claim 32 further comprising: appointing said 
central server as a proxy for a quorum of said plurality of nodes and for fulfilling an 
enrollment task; and enrolling said new entity into the hybrid authentication system. 